GDPR Tools are Here: Updated Forms, Improved Contact Management, …

As the Data Protection Officer at MailChimp, it’s my responsibility to make sure that we’re prepared for—and compliant with—data privacy laws like the GDPR.

A few weeks ago, our General Counsel wrote about the benefits of the GDPR and discussed the new tools that we’ve been working on to help make your GDPR preparations simple and fast.

Today, I’m excited to announce that those tools—including GDPR-friendly forms and an easier way to manage your contacts’ data—have started rolling out to MailChimp users, and will be available to everyone within a few days.

Easily get consent with our GDPR-friendly forms

Under the GDPR, consent is required for each distinct use of a contact’s personal data, unless you’re able to rely on another legal basis. The law says that pre-ticked boxes (along with silence and inactivity) do not count as consent, so you’ll need signup forms that make it easy to collect the permission you need.

But don’t worry; our new GDPR-friendly forms make it easy to obtain (and record) the consent required under the GDPR.

And because these new features are built directly into our hosted, pop-up, and landing page forms, you don’t have to compromise on design.

Marketing permission text: Let your new signups know why you’re collecting their information and how you’ll be using it. We’ll provide default text to help you get started, but you can edit the messaging in this section to meet your specific needs. Be sure to clearly describe all of your data processing activities for your contacts.

Opt-in checkboxes for all of your channels: Contacts can choose exactly how and where they want to hear from you. By default, we’ll include 3 of the most common marketing channels—email, direct mail, and customized online advertising (like Facebook, Instagram, or Google remarketing ads)—but you can add up to 20 different channels and customize the field labels to ensure the form is consistent with your practices.

Space for your own privacy policy and terms: Tell people how to contact you, point them in the direction of your privacy policy, and share any other applicable legal information.

MailChimp’s permission terms: This section lets your contacts know that you’ll be storing their information in your MailChimp account and provides links to our Privacy Policy and Terms of Use. It’s designed to help you (and MailChimp) remain compliant with the GDPR, so it can’t be edited. If you collect contact information through other means (outside of these GDPR-friendly forms) and plan to keep that information in MailChimp, please be sure to copy and paste our permission terms there, too.

The GDPR permission fields behave just like the other fields in your signup form, so you can use the information they collect to build segments and filter your contacts based on who has—or who hasn’t—checked the appropriate box and opted into receiving a certain type of communication from you.

Send a re-permission email to your existing list

If you’ve previously obtained consent from your contacts in a manner that complies with the GDPR, there’s no need to ask for their permission again. But if you’d like a fresh bill of consent from any of those contacts to demonstrate that you’re in compliance with all of the new law, you can send a re-permission email to your list.

We’ve created a new template (along with editable suggested language) to help simplify this process for you, and if you need additional tips, we’ve got you covered.

Stay compliant with our data management and security tools

MailChimp is entrusted with the data of millions of people, and it’s critical that we preserve that trust by protecting the information we process.

We’re certified to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, so you can legally transfer contact data from the EU to MailChimp once you get the necessary permission and complete our updated data processing agreement (DPA).

We offer a number of security tools that you can implement to add extra layers of protection to your account, including two-factor authentication (2FA). We recommend that all MailChimp users turn on 2FA—and we’ll even give you a discount on your account when you set it up.

Improved contact management

The GDPR provides individuals with expanded rights regarding the use of their personal data, including the right to request its deletion. And with MailChimp, it’s quicker and easier to address data requests from your contacts—there are no cumbersome processes or long wait times while someone else handles the requests for you.

Here’s how we’re helping you manage your contacts and their information.

Record consent: Our new GDPR-friendly forms will take a snapshot of the form version when each person signs up—along with the information they provided on the form, the date, the time, and the IP address used to submit it—so you’ll always know exactly what the contact saw and what data they provided. This will be available in thecontact profile, and you’ll be able to export, share, and prove consent in a few simple steps.

Modify contact information: If someone wants to make changes to their personal data or permissions, they can do so through the Update Profile link in the footer of all MailChimp’s Basic and Themed templates or by contacting you directly. If you receive a request from a contact, you can manually update their profile in just a few clicks.

Coming soon: improved deletion functionality: When a contact requests to be removed from your list, you will be able to easily delete all of their personal data without affecting the accuracy of your MailChimp reports.

Get started with our GDPR tools

The GDPR is going to impact businesses all over the world and will take some effort on your part to get ready, but ultimately it will help you develop a more trusting relationship with your contacts—and it should help improve your email deliverability, too.

The GDPR takes effect on May 25, 2018, but there’s still time to prepare. Log into your account today and turn on GDPR fields for your signup forms.

The GDPR, or General Data Protection Regulation, goes into effect on May 25, 2018, in the European Union and regulates how EU personal data can be collected, used, and processed. For more details, check out our helpful FAQ and GDPR guide.